All three bulletins list the vulnerabilities as potentially exploitable for Remote Code Execution (RCE), or, in Adobe's own words, as bugs that could "allow an attacker to take control of the affected system."

As is often the case with Adobe's updates, there are lots of version numbers to take into account.

That's especially true of Flash Player, where it seems that the product's source code for the various platforms supported is currently at a wide range of different stations in Adobe's railway network. (Platforms. Stations. Geddit?)

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too.
Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009.
Follow him on Twitter: @duckblog